VCDX Skill Network

Originally posted in September 2015 on vmice.net

Networking skills were not my strong suit, to say the least. This was by far the topic I needed to spend the most time on before the defense date.

Networking covers the vSphere networking components (vSwitches and their configuration) and how they connect to the physical side, and then the physical side of networking itself (switches, routers, routing protocol impact, etc.):

  • vSphere Networking
    • Distributed and Standard vSwitches. Security features. LACP. NIOC. Netflow, etc.
    • NSX and vCNS bits for those in the VCDX Cloud/NSX tracks
  • Physical Networking
    • Ethernet topology (access, distribution, core). Network hardware (bandwidth throughput, ports, features), firewalls (part of security also), etc.
  • Logical Networking on the Physical Network or just Routing Packages Stuff Events
    • VLAN. PVLAN. Routing Protocols and vSphere (Leaf-Spine, SPB, OSPF…). SPAR. Virtual Network Cards (Cisco vNICs, HP FlexFabric, IBM virtual network…). Storm Protection. BPDUs and STP. Etc.

P.S. You should under no circumstances call network routing a Routing Packages Stuff Event…

And as before, how can these impact my design qualities?

  • Availability can be impacted by the routing protocol used and protection against downtime (STP disabled, BPDU Guards or Filters), component redundancy (NIC and switch/router), LACP configuration (static versus dynamic), upstream failure control, etc.
  • Manageability can be impacted by management tools (HP FlexFabric, Cisco UCS…), Netflow tools, automation features, employee skill levels, network virtualization capabilities, etc.
  • Performance can be impacted by bandwidth and packet throughput. Nothing more 🙂
  • Recoverability can be impacted by L2 networks spanned between sites, L3 overlay networks, IP changes (even though on the application layer), load balancing options, backup bandwidth and its impact on RTO, etc.
  • Security can be impacted by firewall bandwidth (performance too), type of firewalls (stateful/stateless/WAFs), virtual firewalls (vCNS, NSX, Cisco, Trend…), access control on all layers (virtual, physical), etc.

To give a little overview of my skill level at that time: I had taken the CompTIA Network+ exam 4 years earlier, so I had a basic understanding of networks and how they work. But that wasn’t enough, since I did not know exactly what STP can do to a vSphere host, or how specific routing protocols can impact vSphere environments (well, all environments, but specifically vSphere environments in this particular case).

So as a starting point I created a list of things I needed to know. I used Rene’s list as the basis: http://vcdx133.com/2014/04/24/vcdx-study-plan-networking/ I then created a Quizlet set with detailed answers (not remotely short in any way) so I would understand the concepts rather than just memorize them.

Here are some examples of the questions/answers:

In classical ethernet, if you configure Spanning Tree, what is the impact?

STP gets rid of switching loops by discovering the topology of the network through the exchange of BPDU frames; it is used to accomplish a loop-free environment. Every time a port comes up, an STP calculation occurs. As a result of the calculation, each switch port is set to either a forwarding or a blocking state to prevent a traffic loop. STP topology convergence has four states:

  • Blocking
  • Listening
  • Learning
  • Forwarding

When STP convergence is initiated, it forces all of the physical switches in the STP domain to dump their forwarding tables and relearn the STP topology and all MAC addresses. This process can take between 30 and 50 seconds. During this time, no user data passes through the port, and some user applications can time out. Connectivity is restored when the STP domain completes its convergence. The main impact is BANDWIDTH, since all but one port is blocked.

What are BPDU packets?

Bridge Protocol Data Units (BPDUs) are the frames exchanged between physical switches as part of the Spanning Tree Protocol (STP). STP is used to prevent loops in the network and is commonly enabled on physical switches. When a link on a physical switch port goes up, STP starts its calculation and BPDU exchange to determine whether the port should be in the forwarding or the blocking state. BPDU frames are exchanged across the physical switch ports to identify the Root Bridge and form a tree topology. VMware’s vSwitches do not support STP and do not participate in BPDU exchanges: if a BPDU frame is received on a vSwitch uplink, that frame is dropped. Likewise, VMware vSwitches do not generate BPDU frames.
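To make the two answers above concrete, here is an added Python example of my own (not part of the original post and not VMware code) that decodes a constructed 802.1D Configuration BPDU, derives the 30 to 50 second convergence window from its timer fields, and models the uplink behaviour described in the text, where a vSwitch drops any BPDU it receives. The frame bytes, the MAC addresses and the vswitch_uplink_filter helper are all constructed for this example.

```python
import struct
from dataclasses import dataclass
from typing import Iterable, List, Tuple

# From IEEE 802.1D: BPDUs are sent to this multicast MAC with LLC DSAP/SSAP 0x42.
STP_MULTICAST_MAC = bytes.fromhex("0180c2000000")
LLC_STP_HEADER = bytes([0x42, 0x42, 0x03])
CONFIG_BPDU_LEN = 35
TIMER_UNIT = 1 / 256  # BPDU timer fields are encoded in units of 1/256 second


@dataclass
class ConfigBpdu:
    version: int
    flags: int
    root_priority: int
    root_mac: str
    root_path_cost: int
    bridge_priority: int
    bridge_mac: str
    port_id: int
    message_age: float   # seconds
    max_age: float       # seconds
    hello_time: float    # seconds
    forward_delay: float  # seconds


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def is_bpdu_frame(frame: bytes) -> bool:
    """Classify an Ethernet frame as STP by destination MAC and LLC header."""
    return (len(frame) >= 17
            and frame[:6] == STP_MULTICAST_MAC
            and frame[14:17] == LLC_STP_HEADER)


def parse_config_bpdu(frame: bytes) -> ConfigBpdu:
    """Decode a Configuration BPDU (type 0x00) carried in an 802.3/LLC frame."""
    if not is_bpdu_frame(frame):
        raise ValueError("not an STP frame")
    body = frame[17:17 + CONFIG_BPDU_LEN]
    if len(body) < CONFIG_BPDU_LEN:
        raise ValueError("truncated BPDU")
    (proto, version, bpdu_type, flags, root_id, cost, bridge_id,
     port_id, msg_age, max_age, hello, fwd_delay) = struct.unpack("!HBBB8sI8sHHHHH", body)
    if proto != 0 or bpdu_type != 0x00:
        raise ValueError(f"unsupported BPDU type 0x{bpdu_type:02x}")
    return ConfigBpdu(
        version, flags,
        struct.unpack("!H", root_id[:2])[0], _mac(root_id[2:]), cost,
        struct.unpack("!H", bridge_id[:2])[0], _mac(bridge_id[2:]), port_id,
        msg_age * TIMER_UNIT, max_age * TIMER_UNIT, hello * TIMER_UNIT, fwd_delay * TIMER_UNIT,
    )


def convergence_window(bpdu: ConfigBpdu) -> Tuple[float, float]:
    """Best case: a port coming up spends forward_delay in listening and again in
    learning. Worst case: a lost root is only noticed once its BPDU information
    ages out (max_age), and then the same two transitions follow."""
    best = 2 * bpdu.forward_delay
    worst = bpdu.max_age + 2 * bpdu.forward_delay
    return best, worst


def vswitch_uplink_filter(frames: Iterable[bytes]) -> Tuple[List[bytes], int]:
    """Model of the vSwitch uplink behaviour from the text: BPDUs are dropped,
    everything else is passed on. Returns (forwarded frames, dropped count)."""
    kept: List[bytes] = []
    dropped = 0
    for frame in frames:
        if is_bpdu_frame(frame):
            dropped += 1
        else:
            kept.append(frame)
    return kept, dropped


# Constructed sample frame (not a capture): default 802.1D timers, priority 32768.
SAMPLE_BPDU_FRAME = (
    STP_MULTICAST_MAC
    + bytes.fromhex("020000000001")             # constructed, locally administered source MAC
    + struct.pack("!H", 3 + CONFIG_BPDU_LEN)    # 802.3 length field: LLC header + BPDU
    + LLC_STP_HEADER
    + struct.pack("!HBBB8sI8sHHHHH",
                  0x0000, 0x00, 0x00, 0x00,            # protocol id, version, type, flags
                  bytes.fromhex("8000020000000001"), 0,  # root id (priority + MAC), path cost
                  bytes.fromhex("8000020000000001"), 0x8001,  # bridge id, port id
                  0, 20 * 256, 2 * 256, 15 * 256)      # msg age, max age, hello, forward delay
)
# Constructed non-STP frame: a unicast IPv4 frame stub, which a vSwitch forwards.
SAMPLE_DATA_FRAME = bytes.fromhex("020000000002" "020000000001" "0800") + b"\x45" + bytes(39)

if __name__ == "__main__":
    decoded = parse_config_bpdu(SAMPLE_BPDU_FRAME)
    print(decoded)
    print("convergence window (s):", convergence_window(decoded))
    print("forwarded/dropped:", [len(f) for f in vswitch_uplink_filter([SAMPLE_BPDU_FRAME, SAMPLE_DATA_FRAME])[0]],
          vswitch_uplink_filter([SAMPLE_BPDU_FRAME, SAMPLE_DATA_FRAME])[1])
```

With the default timers (hello 2 s, max age 20 s, forward delay 15 s) the best case is two forward-delay intervals and the worst case adds max age for the stale root information to expire, which is where the 30 to 50 seconds in the answer come from. A BPDU Guard on an access-facing port performs the same classification as is_bpdu_frame, but puts the port into an error-disabled state instead of silently dropping the frame.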

What are the disadvantages of using a LAG with vSphere storage traffic?

  • iSCSI traffic: vmkernel port binding is a much better way to aggregate uplinks for iSCSI traffic, since it gives the option to use the Round Robin, Fixed and MRU path selection policies.
  • NFS traffic: the bandwidth for each NFS export is limited to a single uplink, since the IP hash will always be the same. There is a way to change the IP hash result by using different IP addresses on the NFS array, which results in a different IP hash, but this adds unnecessary complexity.
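Here is an added Python example of my own (not from the original post and not VMware code) showing why the NFS answer says each export is pinned to one uplink. It assumes VMware's documented IP-hash selection: XOR the 32-bit source and destination IPv4 addresses and take the result modulo the number of active uplinks. The vmkernel and array addresses are constructed for the example.

```python
import ipaddress
from typing import Dict, Iterable


def ip_hash_uplink(src_ip: str, dst_ip: str, num_uplinks: int) -> int:
    """Return the index of the uplink an IP-hash teaming policy picks for a flow.

    Assumption of this example: VMware's documented algorithm, i.e. XOR the two
    32-bit IPv4 addresses and take the result modulo the active uplink count.
    Only the source/destination pair matters, so one vmkernel IP talking to one
    array IP always lands on the same uplink, however many mounts share it.
    """
    if num_uplinks < 1:
        raise ValueError("need at least one active uplink")
    src = int(ipaddress.IPv4Address(src_ip))
    dst = int(ipaddress.IPv4Address(dst_ip))
    return (src ^ dst) % num_uplinks


def nfs_uplink_map(vmk_ip: str, array_ips: Iterable[str], num_uplinks: int) -> Dict[str, int]:
    """Map each NFS target address to the uplink the host will use for it."""
    return {ip: ip_hash_uplink(vmk_ip, ip, num_uplinks) for ip in array_ips}


def uplinks_in_use(uplink_map: Dict[str, int]) -> int:
    """How many distinct uplinks the set of exports actually spreads over."""
    return len(set(uplink_map.values()))


# Constructed scenario (not from any real environment): one NFS vmkernel port,
# a four-uplink LAG, and an array presented on either one or four addresses.
VMK_NFS_IP = "10.0.10.21"
UPLINKS = 4
ARRAY_SINGLE_IP = ["10.0.10.50"]
ARRAY_MULTI_IP = ["10.0.10.50", "10.0.10.51", "10.0.10.52", "10.0.10.53"]

if __name__ == "__main__":
    for label, ips in (("single array IP", ARRAY_SINGLE_IP), ("one IP per export", ARRAY_MULTI_IP)):
        mapping = nfs_uplink_map(VMK_NFS_IP, ips, UPLINKS)
        print(f"{label}: {mapping} -> {uplinks_in_use(mapping)} of {UPLINKS} uplinks carry traffic")
```

With the four addresses chosen here each export lands on a different uplink, but that is luck of the XOR, not a guarantee: 10.0.10.54 hashes to the same uplink as 10.0.10.50 from this vmkernel address, so check the mapping for the real addresses rather than assume an even spread. This only describes the host's outbound choice; the return path is distributed by the physical switch using its own hash over the LAG.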

Most of these answers were copied from various internet sources to save time, including the glorious Wikipedia, and the ones regarding LACP and LAGs from Chris Wahl’s blog http://wahlnetwork.com/

After hours of research I found Chris’s blog to be the best source of explanations of specific network configurations in vSphere environments, and I suggest you check out his posts on working with NFS on vSphere, LACP and LAG impact, vSphere Distributed Switches and lots of other cool stuff.

Other resources I used were Pluralsight courses: Network+, CCNA, OSPF and other great stuff from there.

IBM Redbooks were also a great resource, since I’ve read way too many of them, and here is an excellent diagram from one of these books (I lost the link and will update when I find it):

[Diagram: VCDX_Skill_Network]

Of course most of each book will be about specific IBM technologies, but there are really good explanations of lots of basic things hidden in there.

Also these links helped me immensely:

As for vSphere-related technologies, you need to know most of them on a deep level:

  • Distributed vs. Standard vSwitches
  • Security policies
  • Load Balancing Options (and how they work)
  • NIC teaming impact
  • NIOC
  • LAGs
  • Netflow
  • And for tracks other than DCV, you can add all the NSX bits and the vCloud/vRA bits.
